
Fedora 42: Critical Buffer Overflow and Heap Vulnerabilities in libpng

January 10, 2026
Fedora 42 updates libpng with critical fixes for buffer overflow risks and more, enhancing image handling security.
fixes several security issues

Summary

The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm.

Libpng should be installed if you need to manipulate PNG format image files.

Update Information:

fixes several security issues

Change Log

* Mon Dec 8 2025 Michal Hlavinka - 2:1.6.53-1
- updated to 1.6.53 (#2418775)
* Mon Dec 8 2025 Michal Hlavinka - 2:1.6.52-1
- updated to 1.6.52 (#2418775)
* Thu Nov 27 2025 Michal Hlavinka - 2:1.6.51-1
- updated to 1.6.51 (#2416525)
* Thu Jul 24 2025 Fedora Release Engineering - 2:1.6.50-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jul 15 2025 Michal Hlavinka - 2:1.6.50-1
- updated to 1.6.50
* Mon Jun 16 2025 Michal Hlavinka - 2:1.6.49-1
- updated to 1.6.49 (#2372582)
* Mon May 5 2025 Michal Hlavinka - 2:1.6.48-1
- updated to 1.6.48 (#2363171)
* Wed Feb 19 2025 Michal Hlavinka - 2:1.6.47-1
- updated to 1.6.47 (#2346280)
* Fri Jan 31 2025 Michal Hlavinka - 2:1.6.46-1
- updated to 1.6.46 (#2336284)

References


[ 1 ] Bug #2417429 - CVE-2025-64720 libpng: LIBPNG buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417429
[ 2 ] Bug #2417448 - CVE-2025-65018 libpng: LIBPNG heap buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417448
[ 3 ] Bug #2417459 - CVE-2025-64506 libpng: LIBPNG heap buffer over-read [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417459
[ 4 ] Bug #2418410 - CVE-2025-64505 libpng: LIBPNG heap buffer overflow via malformed palette index [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418410
[ 5 ] Bug #2418736 - CVE-2025-66293 libpng: LIBPNG out-of-bounds read in png_image_read_composite [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418736

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a9dc8509e9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
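
To confirm the upgrade took effect, this added example (not part of the original advisory) checks installed libpng builds against the fixed build 2:1.6.53-1.fc42 listed above. The function names are hypothetical, the sample input is constructed, and `sort -V` is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Fixed build from the advisory: epoch 2, version 1.6.53, release 1.fc42.
FIXED_EVR="2:1.6.53-1.fc42"

# dotted_ge A B: succeed when A sorts at or after B under "sort -V".
# Assumption: adequate for plain numeric strings such as libpng's; it is
# not rpm's own comparison algorithm.
dotted_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# evr_ge A B: succeed when "epoch:version-release" A is at least B.
# Epoch is compared first, then version, then release.
evr_ge() {
    a_epoch=${1%%:*}; a_vr=${1#*:}
    b_epoch=${2%%:*}; b_vr=${2#*:}
    if [ "$a_epoch" -ne "$b_epoch" ]; then
        [ "$a_epoch" -gt "$b_epoch" ]
    elif [ "${a_vr%-*}" != "${b_vr%-*}" ]; then
        dotted_ge "${a_vr%-*}" "${b_vr%-*}"
    else
        dotted_ge "${a_vr##*-}" "${b_vr##*-}"
    fi
}

# audit_libpng: read one EVR per line on stdin (a host can carry several
# libpng packages, e.g. x86_64 and i686). Returns non-zero if any is older
# than FIXED_EVR.
audit_libpng() {
    rc=0
    while IFS= read -r evr; do
        [ -n "$evr" ] || continue
        if evr_ge "$evr" "$FIXED_EVR"; then
            echo "ok       $evr"
        else
            echo "OUTDATED $evr (needs >= $FIXED_EVR)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input (not from a real host): an older build and the fix.
# On a host: rpm -q --qf '%{EPOCHNUM}:%{VERSION}-%{RELEASE}\n' libpng | audit_libpng
printf '%s\n' "2:1.6.50-2.fc42" "2:1.6.53-1.fc42" | audit_libpng || echo "update required"
```

Processes that loaded the old library before the upgrade keep using it until they are restarted.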

Severity
critical

Name: libpng
Product: Fedora 42
Version: 1.6.53
Release: 1.fc42
Summary: A library of functions for manipulating PNG image format files
